CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2026-25802

New API is a large language mode (LLM) gateway and artificial intelligence (AI) asset management system. Prior to version 0.10.8-alpha.9, a potential unsafe operation occurs in component `MarkdownRenderer.jsx`, allowing for Cross-Site Scripting(XSS) when the model outputs items containing `<script>` tag. Version 0.10.8-alpha.9 fixes the issue.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.0

EPSS Ranking 10.0%

CVSS Severity

CVSS v3 Score 7.6

References

https://github.com/QuantumNous/new-api/commit/ab5456eb1049aa8a0f3e51f359907ec7fff38b4b
https://github.com/QuantumNous/new-api/security/advisories/GHSA-299v-8pq9-5gjq

Products affected by CVE-2026-25802

Newapi » New Api » Version: Any

cpe:2.3:a:newapi:new_api:*
Newapi » New Api » Version: 0.10.8

cpe:2.3:a:newapi:new_api:0.10.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2026-25802

Products

Pricing

Contact Us